EtherDam -- an IPTables firewall configuration script

EtherDam is a firewall configuration engine that relies
on iptables. It presents
firewall configuration as a somewhat simpler scripting language
that's still flexible enough for most purposes.

So why not just use iptables?

Well, let's just face one thing: iptables is a pain to
manage. By 'pain,' I mean a heavy dull throb that seems ready to
make your head explode. It's nice to finally have a stateful
firewalling facility for Linux, but you have to remember fifteen
or so different arrangements of the iptables options just to make
a simple bare-metal NAT box. It's enough to send you running back
to OpenBSD.

One day, I got tired of that. So I came up with EtherDam.

My goal with EtherDam was to create a simplified firewall
configuration language rather than remember or look up several
complex incantations of the iptables command. EtherDam is a
wrapper; it still uses iptables as a back-end.

The language itself is fairly complete--complete enough for a
decent firewall--though it's not properly documented yet. The
processing engine is also up to speed, though it's not extremely
well tested.

News

[Sep 29
2005]

EtherDam v0.4
is released. Along with some small bugfixes, it now
supports a new MSS command. PPPoE users
should find this particularly useful. Get the new version
from the download page.

[May 8
2004]

EtherDam v0.3
is released. This has a few significant bugfixes, plus
support for a new ROUTE command. Get it on the
download page.

[Apr 28
2004]

EtherDam v0.2
is released. This is a big improvement over 0.1, with many
bugfixes and documentation. Get it on the
download page.

[Apr 27
2004]

EtherDam v0.1
is released. This is a beta release, and it's a bit
glitchy (yes, I discovered this only after I
released it). I'd really recommend you use
CVS
for now, but...hey, do what you want. *shrug*

If you have a bug report, or if you want to become part of the
project, then e-mail me (kelledin at
spam-free-internet dot users dot
sf dot net) or post a message on the
project
forums. Note the slight alteration in the e-mail address.